"ISO 27001 is a management system intended to bring information security under management control. It is part of the ISO/IEC 27000 family of standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001 requires that management examine the organization's information security risks. The goal is to identify threats and vulnerabilities, and their potential impact. It also requires the design and implementation of information security controls, risk avoidance or risk transfer to address unacceptable risks. It also includes the adoption of a management process that allows security controls to evolve and meet the security needs of the organization on a continual basis."
Would you like to learn more about ISO 27001? Get a Governance, Risk and Compliance (GRC) demonstration of Rsam.